Disney+ accounts hacked: Here’s how to stay safe

Chris Burns - Nov 18, 2019, 4:15pm CST
Disney+ accounts hacked: Here’s how to stay safe

If you’ve already had your Disney+ account hacked in the short time since the service first launched, you’ve likely already been in contact with Disney officials. If you’ve not yet been the victim of the wide-ranging scheme in the first few days since launch of the Disney+ streaming content system, now’s the time to change your password, yet again. Even if you’ve already changed your password since starting to use Disney+, it’s time to make another change.

It’s possible you didn’t get “hacked”

If you believe you’ve been hacked because of an email with the following title, you’ve probably not been hacked: “Your Disney Account has been changed.” This message appeared right out the gate for most (or all) of the users who signed up for the Disney+ free trial period.

This same email appeared for many (or all) users who had a Disney account of some sort in the past, but only recently signed up for Disney+ with said account. This email in an of itself does not mean anything nefarious happened to your account… unless of course you never signed up for Disney+ and haven’t done anything with your Disney account since that last time you visited a Disney park – that could be trouble.

Disney’s login is kinda like Facebook, or Google

A Disney Account here at the tail end of 2019 (and for the foreseeable future) connects to a wide variety of brands and systems. Per Disney’s own “Your account has been changed” email, your Disney account is “used to access other Walt Disney Company apps and websites, such as Disney, ESPN, Marvel, FX, and more.”

This is sorta like how Facebook and Google have single sign-on buttons in all sorts of apps and webpages. The Facebook single sign-on and the Google single sign-on systems have been in play for years. With these systems, user logins are made easy – and Google and Facebook spread their brand with the greatest of ease.

So why not Disney? Much like Google or Facebook, Disney’s login works on a bunch of webpages. Thankfully, a protective layer (should) be in place between the first login and the point at which these accounts can be used to purchase goods and services.

Whoops, password drop

Per the ZDNet investigation into the dark web and hacker forms aplenty, there are a whole bunch of Disney+ accounts (username/password combos) available for sale (and sometimes for free) right this minute. We’re talking usernames and cleartext, easy to read, no decoding necessary, passwords for perusal.

It’s extremely likely that a lot of these appeared thanks to previously-hacked account emails cross-referenced with the newest user lists for Disney+. Each time a person uses the same password they’ve used in the past with the same email or login username, they make it more likely that all of said accounts will be compromised.

If you do not remember changing any password when you first logged in to Disney+ – or at any time since then – NOW IS THE TIME. Head to DisneyPlus (dot) com (slash) account. Then tap (change password). If you’d like to see the url, you could also look at the head of this article – there you’ll also see the change-password bit of the URL added on. Either way, you’re getting to the same place – go for it!

Must Read Bits & Bytes